Google Git
Sign in
apache / usergrid / 28cad0117254552c786717a52fe4921aef6e6ad1 / . / content / docs / security-and-auth / using-roles.html
blob: b0f452f27f9ed1f9796676a56743a57b0d3aee17 [file] [log] [blame]
<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Using roles &mdash; Apache Usergrid 2.x documentation</title>
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<link rel="top" title="Apache Usergrid 2.x documentation" href="../index.html"/>
<link rel="next" title="Authenticating users &amp; app clients" href="authenticating-users-and-application-clients.html"/>
<link rel="prev" title="Using permissions" href="using-permissions.html"/>
<script src="../_static/js/modernizr.min.js"></script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-nav-search">
<a href="../index.html" class="icon icon-home"> Apache Usergrid
</a>
<div class="version">
2.x
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<p class="caption"><span class="caption-text">Getting Started</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../introduction/overview.html">Getting Started</a></li>
<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
</ul>
<p class="caption"><span class="caption-text">Using Usergrid</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-account.html">Creating a Usergrid Account</a></li>
<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-a-new-application.html">Creating a new application</a></li>
<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-the-api.html">Using the API</a></li>
</ul>
<p class="caption"><span class="caption-text">Data Storage</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
</ul>
<p class="caption"><span class="caption-text">Data Queries</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters &amp; clauses</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators &amp; data types</a></li>
<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
</ul>
<p class="caption"><span class="caption-text">Entity Connections</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
</ul>
<p class="caption"><span class="caption-text">Push Notifications</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/overview.html">Push notifications overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/adding-push-support.html">Adding push notifications support</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/getting-started.html">Getting started with push notifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/tutorial.html">Tutorial: Push notifications sample app</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/registering.html">Registering with a notification service</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-notifiers.html">Creating notifiers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/managing-users-and-devices.html">Managing users and devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-and-managing-notifications.html">Creating and managing notifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../push-notifications/troubleshooting.html">Troubleshooting</a></li>
</ul>
<p class="caption"><span class="caption-text">Security &amp; Authentication</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security &amp; token authentication</a></li>
<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="">Using roles</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#default-roles">Default roles</a></li>
<li class="toctree-l2"><a class="reference internal" href="#creating-roles">Creating roles</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#request-syntax">Request syntax</a></li>
<li class="toctree-l3"><a class="reference internal" href="#example-request">Example request</a></li>
<li class="toctree-l3"><a class="reference internal" href="#example-response">Example response</a></li>
<li class="toctree-l3"><a class="reference internal" href="#creating-roles-in-the-admin-portal">Creating Roles in the Admin Portal</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#assigning-roles">Assigning roles</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#id1">Request syntax</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id2">Example request</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id3">Example response</a></li>
<li class="toctree-l3"><a class="reference internal" href="#assigning-roles-in-the-admin-portal">Assigning Roles in the Admin Portal</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#removing-roles">Removing roles</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#id4">Request syntax</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id5">Example request</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id6">Example response</a></li>
<li class="toctree-l3"><a class="reference internal" href="#removing-roles-in-the-admin-portal">Removing Roles in the Admin Portal</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users &amp; app clients</a></li>
<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li>
<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li>
</ul>
<p class="caption"><span class="caption-text">User Management &amp; Social Graph</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management &amp; social graph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
</ul>
<p class="caption"><span class="caption-text">Geo-location</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
</ul>
<p class="caption"><span class="caption-text">Assets &amp; Files</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/uploading-assets.html">Uploading assets</a></li>
<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/retrieving-assets.html">Retrieving assets</a></li>
<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/folders.html">Folders</a></li>
</ul>
<p class="caption"><span class="caption-text">Counters &amp; Events</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters &amp; events</a></li>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating &amp; incrementing counters</a></li>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
</ul>
<p class="caption"><span class="caption-text">Organizations &amp; Applications</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization &amp; application management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/admin-user.html">Admin user</a></li>
</ul>
<p class="caption"><span class="caption-text">API Reference</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#sub-types">Sub-Types</a></li>
</ul>
<p class="caption"><span class="caption-text">Client SDKs</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
</ul>
<p class="caption"><span class="caption-text">Installing Usergrid</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../installation/deployment-guide.html">Usergrid 2.1.0 Deployment Guide</a></li>
</ul>
<p class="caption"><span class="caption-text">More about Usergrid</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations &amp; Videos</a></li>
<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code &amp; Docs</a></li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">Apache Usergrid</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html">Docs</a> &raquo;</li>
<li>Using roles</li>
<li class="wy-breadcrumbs-aside">
<a href="../_sources/security-and-auth/using-roles.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<div class="section" id="using-roles">
<h1>Using roles<a class="headerlink" href="#using-roles" title="Permalink to this headline">ΒΆ</a></h1>
<p>Roles are named sets of one or more permissions, and are useful for
defining specific access levels to resources in your Usergrid data
store. Multiple roles can be assigned to a user or group, giving you a
great deal of flexibility in how access to resources are defined.</p>
<p>For example, in a blogging app you might create a &#8216;reviewer&#8217; role that
allows GET and PUT access to an articles collection to allow the user to
retrieve and update articles, but not allow them to create new articles.</p>
<div class="section" id="default-roles">
<h2>Default roles<a class="headerlink" href="#default-roles" title="Permalink to this headline">ΒΆ</a></h2>
<p>While you can create as many custom roles as you want per application,
all Usegrid applications include three default roles. These roles each
serve a special purpose and should not be deleted; however, you can and
should adjust the permissions assigned to these roles to suit the needs
of you app.</p>
<p>The following table describes each pre-defined role, and the permissions
that are assigned to them by default.</p>
<table class="usergrid-table">
<tr>
<th><p>Role</p>
</th>
<th class="usergrid-30"><p>Permissions</p>
</th>
<th><p>Description</p>
</th>
</tr>
<tr>
<td><p>Guest</p>
</td>
<td><ul class="simple">
<li>post: /devices</li>
<li>post: /users</li>
<li>put: /devices/*</li>
</ul>
</td>
<td><p>Assigned to all unauthenticated requests. Includes a basic set of
permissions that are commonly needed by unregistered or unauthenticated
users.</p>
<p><p>Grants permission for a user to create a user account and for their
device to be registered.</p>
</td>
</tr>
<tr>
<td><p>Default</p>
</td>
<td><ul class="simple">
<li>get, post, put, delete: /**</li>
</ul>
</td>
<td><p>Default for authenticated users. Assigns the associated permissions to
all users whose requests are authenticated with a valid access token.</p>
<div class="admonition warning"> <p class="first admonition-title"><p>WARNING</p>
</p> <p class="last">
By default, **grants full access for all resources in your<p>application**. A first task in securing your application should be to
restrict access by redefining this role to narrow the access it
provides. Remove the default full permission rule and add restrictive
permission rules for a production deployment.</p>
</p></div></td>
</tr>
<tr>
<td><p>Administrator</p>
</td>
<td><p>None</p>
</td>
<td><p>Unused until you associate it with users or groups. By default, includes
no permissions that provide access. Grants no access. Consider this a
blank slate. Add permission rules and associate this role with users and
groups as needed.</p>
<div class="admonition note"> <p class="first admonition-title"><p>NOTE</p>
</p> <p class="last">
The Administrator role is not the same as an organization<p>administrator, that is, someone who authenticates as an Admin User. The
Admin User is an implicit user created when you create an organization.
After authenticating, the Admin User has full access to all of the
administration features of the Usergrid API. By comparison, the
Administrator role is simply a role (initially without permissions) that
can be assigned to any user.</p>
</p></div></td>
</tr>
</table></div>
<div class="section" id="creating-roles">
<h2>Creating roles<a class="headerlink" href="#creating-roles" title="Permalink to this headline">ΒΆ</a></h2>
<p>Generally, it is easiest to a create a role for each access type you
want to enable in your app. You may, however, assign multiple roles to
any user or group entity, so you have the flexibility to define any
schema for applying roles that you like.</p>
<p>The following shows how to create a new role and assign permissions to
it.</p>
<div class="section" id="request-syntax">
<h3>Request syntax<a class="headerlink" href="#request-syntax" title="Permalink to this headline">ΒΆ</a></h3>
<p>With cURL requests a role entity is created with a POST request, then
permissions must be assigned to it with a separate request. For more on
assigning permissions with cURL, see <a class="reference external" href="security-and-auth/using-permissions.html">Using
Permissions</a>.</p>
<p>The following details how to create a new role entity.</p>
<div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/&lt;org&gt;/&lt;app&gt;/roles -d &#39;{&quot;name&quot;:&lt;roleName&gt;}&#39;
</pre></div>
</div>
<p>Parameters</p>
<table border="1" class="docutils">
<colgroup>
<col width="24%" />
<col width="76%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>org</td>
<td>Organization UUID or organization name</td>
</tr>
<tr class="row-odd"><td>app</td>
<td>Application UUID or application name</td>
</tr>
<tr class="row-even"><td>roleName</td>
<td>The name of the role to be created</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="example-request">
<h3>Example request<a class="headerlink" href="#example-request" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-python"><div class="highlight"><pre>curl -X POST &quot;https://api.usergrid.com/my-org/my-app/roles/ -d &#39;{&quot;name&quot;:&quot;manager&quot;}&#39;
</pre></div>
</div>
</div>
<div class="section" id="example-response">
<h3>Example response<a class="headerlink" href="#example-response" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span>
<span class="s">&quot;action&quot;</span> <span class="p">:</span> <span class="s">&quot;post&quot;</span><span class="p">,</span>
<span class="s">&quot;application&quot;</span> <span class="p">:</span> <span class="s">&quot;f34f4222-a166-11e2-a7f7-02e81adcf3d0&quot;</span><span class="p">,</span>
<span class="s">&quot;params&quot;</span> <span class="p">:</span> <span class="p">{</span> <span class="p">},</span>
<span class="s">&quot;path&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles&quot;</span><span class="p">,</span>
<span class="s">&quot;uri&quot;</span> <span class="p">:</span> <span class="s">&quot;https://api.usergrid.com/your-org/your-app/roles&quot;</span><span class="p">,</span>
<span class="s">&quot;entities&quot;</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span>
<span class="s">&quot;uuid&quot;</span> <span class="p">:</span> <span class="s">&quot;382d0991-74bb-3548-8166-6b07e44495ef&quot;</span><span class="p">,</span>
<span class="s">&quot;type&quot;</span> <span class="p">:</span> <span class="s">&quot;role&quot;</span><span class="p">,</span>
<span class="s">&quot;name&quot;</span> <span class="p">:</span> <span class="s">&quot;manager&quot;</span><span class="p">,</span>
<span class="s">&quot;created&quot;</span> <span class="p">:</span> <span class="mi">1402612783104</span><span class="p">,</span>
<span class="s">&quot;modified&quot;</span> <span class="p">:</span> <span class="mi">1402612783104</span><span class="p">,</span>
<span class="s">&quot;roleName&quot;</span> <span class="p">:</span> <span class="s">&quot;manager&quot;</span><span class="p">,</span>
<span class="s">&quot;title&quot;</span> <span class="p">:</span> <span class="s">&quot;manager&quot;</span><span class="p">,</span>
<span class="s">&quot;inactivity&quot;</span> <span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
<span class="s">&quot;metadata&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;path&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/382d0991-74bb-3548-8166-6b07e44495ef&quot;</span><span class="p">,</span>
<span class="s">&quot;sets&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;permissions&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/382d0991-74bb-3548-8166-6b07e44495ef/permissions&quot;</span>
<span class="p">},</span>
<span class="s">&quot;collections&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;groups&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/382d0991-74bb-3548-8166-6b07e44495ef/groups&quot;</span><span class="p">,</span>
<span class="s">&quot;users&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/382d0991-74bb-3548-8166-6b07e44495ef/users&quot;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span> <span class="p">],</span>
<span class="s">&quot;timestamp&quot;</span> <span class="p">:</span> <span class="mi">1402612783102</span><span class="p">,</span>
<span class="s">&quot;duration&quot;</span> <span class="p">:</span> <span class="mi">30</span><span class="p">,</span>
<span class="s">&quot;organization&quot;</span> <span class="p">:</span> <span class="s">&quot;your-org&quot;</span><span class="p">,</span>
<span class="s">&quot;applicationName&quot;</span> <span class="p">:</span> <span class="s">&quot;your-app&quot;</span>
<span class="p">}</span>
</pre></div>
</div>
</div>
<div class="section" id="creating-roles-in-the-admin-portal">
<h3>Creating Roles in the Admin Portal<a class="headerlink" href="#creating-roles-in-the-admin-portal" title="Permalink to this headline">ΒΆ</a></h3>
<ol class="arabic simple">
<li>In the left sidebar of the Usergrid portal, click Users &gt; Roles. This
displays the roles defined for the application. Click the &#8216;+&#8217; button.</li>
<li>In the dialog box, provide a &#8216;title&#8217; and &#8216;role name.&#8217; A title is an
alias for the role name.</li>
<li>Click &#8216;Create&#8217;. The role will be created, but will not have any
permissions assigned to it.</li>
<li>Click the role you created in the list.</li>
<li>Click the &#8216;Add permissions&#8217; button.</li>
<li>In the dialog box, click the check boxes for the HTTP methods you
want to grant permissions for, and enter the resource path in the
&#8216;Path&#8217; field.</li>
<li>The &#8216;Inactivity&#8217; field lets you control automatic user logout during
periods of inactivity. Set a number of seconds of inactivity before
users assigned to this role are automatically logged out.</li>
</ol>
</div>
</div>
<div class="section" id="assigning-roles">
<h2>Assigning roles<a class="headerlink" href="#assigning-roles" title="Permalink to this headline">ΒΆ</a></h2>
<p>Once you have created some roles, you will need to explicitly assign
them to a user or group entity. The permissions associated with that
role will be granted to the entity immediately for any requests they
send that are authenticated by a valid access token. Please note that
assigning a role to a group will grant the associated permissions to
every user in that group.</p>
<p>The following shows how to assign a role to an entity.</p>
<div class="section" id="id1">
<h3>Request syntax<a class="headerlink" href="#id1" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/&lt;org&gt;/&lt;app&gt;/roles/&lt;roleName&gt;/&lt;entityType&gt;/&lt;entityID&gt;
</pre></div>
</div>
<p>Parameters</p>
<table border="1" class="docutils">
<colgroup>
<col width="13%" />
<col width="87%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>org</td>
<td>Organization UUID or organization name</td>
</tr>
<tr class="row-odd"><td>app</td>
<td>Application UUID or application name</td>
</tr>
<tr class="row-even"><td>roleName</td>
<td>The name of the role to be created</td>
</tr>
<tr class="row-odd"><td>entityType</td>
<td>The type of the entity the role is being assigned to. &#8216;Group&#8217; and &#8216;user&#8217; are valid values.</td>
</tr>
<tr class="row-even"><td>entityID</td>
<td>The UUID of the entity the role is being assigned to.</td>
</tr>
</tbody>
</table>
<p>For groups, the &#8216;name&#8217; property can be used. For users, the &#8216;username&#8217;
property can be used.</p>
</div>
<div class="section" id="id2">
<h3>Example request<a class="headerlink" href="#id2" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-python"><div class="highlight"><pre>curl -X POST &quot;https://api.usergrid.com/my-org/my-app/roles/manager/users/someUser
</pre></div>
</div>
</div>
<div class="section" id="id3">
<h3>Example response<a class="headerlink" href="#id3" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span>
<span class="s">&quot;action&quot;</span> <span class="p">:</span> <span class="s">&quot;post&quot;</span><span class="p">,</span>
<span class="s">&quot;application&quot;</span> <span class="p">:</span> <span class="s">&quot;f34f4222-a166-11e2-a7f7-02e81adcf3d0&quot;</span><span class="p">,</span>
<span class="s">&quot;params&quot;</span> <span class="p">:</span> <span class="p">{</span> <span class="p">},</span>
<span class="s">&quot;path&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users&quot;</span><span class="p">,</span>
<span class="s">&quot;uri&quot;</span> <span class="p">:</span> <span class="s">&quot;https://api.usergrid.com/your-org/your-app/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users&quot;</span><span class="p">,</span>
<span class="s">&quot;entities&quot;</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span>
<span class="s">&quot;uuid&quot;</span> <span class="p">:</span> <span class="s">&quot;410b213a-b379-11e3-a0e5-9953085ea376&quot;</span><span class="p">,</span>
<span class="s">&quot;type&quot;</span> <span class="p">:</span> <span class="s">&quot;user&quot;</span><span class="p">,</span>
<span class="s">&quot;name&quot;</span> <span class="p">:</span> <span class="s">&quot;someUser&quot;</span><span class="p">,</span>
<span class="s">&quot;created&quot;</span> <span class="p">:</span> <span class="mi">1395681911491</span><span class="p">,</span>
<span class="s">&quot;modified&quot;</span> <span class="p">:</span> <span class="mi">1399070010291</span><span class="p">,</span>
<span class="s">&quot;username&quot;</span> <span class="p">:</span> <span class="s">&quot;someUser&quot;</span><span class="p">,</span>
<span class="s">&quot;activated&quot;</span> <span class="p">:</span> <span class="n">true</span><span class="p">,</span>
<span class="s">&quot;file&quot;</span> <span class="p">:</span> <span class="s">&quot;fobnszewobnioerabnoiawegbrn</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span>
<span class="s">&quot;metadata&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;connecting&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;friends&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/connecting/friends&quot;</span><span class="p">,</span>
<span class="s">&quot;likes&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/connecting/likes&quot;</span>
<span class="p">},</span>
<span class="s">&quot;path&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376&quot;</span><span class="p">,</span>
<span class="s">&quot;sets&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;rolenames&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/roles&quot;</span><span class="p">,</span>
<span class="s">&quot;permissions&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/permissions&quot;</span>
<span class="p">},</span>
<span class="s">&quot;connections&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;completed&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/completed&quot;</span><span class="p">,</span>
<span class="s">&quot;follows&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/follows&quot;</span>
<span class="p">},</span>
<span class="s">&quot;collections&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;activities&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/activities&quot;</span><span class="p">,</span>
<span class="s">&quot;devices&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/devices&quot;</span><span class="p">,</span>
<span class="s">&quot;feed&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/feed&quot;</span><span class="p">,</span>
<span class="s">&quot;groups&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/groups&quot;</span><span class="p">,</span>
<span class="s">&quot;roles&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/roles&quot;</span><span class="p">,</span>
<span class="s">&quot;following&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/following&quot;</span><span class="p">,</span>
<span class="s">&quot;followers&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/followers&quot;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span> <span class="p">],</span>
<span class="s">&quot;timestamp&quot;</span> <span class="p">:</span> <span class="mi">1402965083889</span><span class="p">,</span>
<span class="s">&quot;duration&quot;</span> <span class="p">:</span> <span class="mi">41</span><span class="p">,</span>
<span class="s">&quot;organization&quot;</span> <span class="p">:</span> <span class="s">&quot;your-org&quot;</span><span class="p">,</span>
<span class="s">&quot;applicationName&quot;</span> <span class="p">:</span> <span class="s">&quot;your-app&quot;</span>
<span class="p">}</span>
</pre></div>
</div>
</div>
<div class="section" id="assigning-roles-in-the-admin-portal">
<h3>Assigning Roles in the Admin Portal<a class="headerlink" href="#assigning-roles-in-the-admin-portal" title="Permalink to this headline">ΒΆ</a></h3>
<p>The easiest way to assign roles to user or group entities is to use the
&#8216;Users&#8217; tab of the Usergrid admin portal, by doing the following:</p>
<ol class="arabic simple">
<li>In the left sidebar of the admin portal, click Users &gt; Users or Users
&gt; Groups to display either the list of users or groups in your
application.</li>
<li>In the list, click the name of the user or group entity you want to
assign roles to to display its details in the right pane.</li>
<li>Click the &#8216;Roles &amp; Permissions&#8217; tab above the right pane.</li>
<li>Click the &#8216;Add Role&#8217; button.</li>
<li>In the popup, select a role from the drop down menu.</li>
<li>Click the &#8216;Add&#8217; button.</li>
</ol>
</div>
</div>
<div class="section" id="removing-roles">
<h2>Removing roles<a class="headerlink" href="#removing-roles" title="Permalink to this headline">ΒΆ</a></h2>
<p>At times it may be necessary to remove a role from a user or group
entity, for example if a user changes jobs, or the duties of a group are
altered. Please note that removing a role from a group will remove the
associated permissions from every user in that group.</p>
<p>The following shows how to remove a role from an entity.</p>
<div class="section" id="id4">
<h3>Request syntax<a class="headerlink" href="#id4" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-python"><div class="highlight"><pre>curl -X DELETE https://api.usergrid.com/&lt;org&gt;/&lt;app&gt;/roles/&lt;roleName&gt;/&lt;entityType&gt;/&lt;entityID&gt;
</pre></div>
</div>
<p>Parameters</p>
<table border="1" class="docutils">
<colgroup>
<col width="13%" />
<col width="87%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>org</td>
<td>Organization UUID or organization name</td>
</tr>
<tr class="row-odd"><td>app</td>
<td>Application UUID or application name</td>
</tr>
<tr class="row-even"><td>roleName</td>
<td>The name of the role to be created</td>
</tr>
<tr class="row-odd"><td>entityType</td>
<td>The type of the entity the role is being removed from. &#8216;Group&#8217; and &#8216;user&#8217; are valid values.</td>
</tr>
<tr class="row-even"><td>entityID</td>
<td>The UUID of the entity the role is being removed from.</td>
</tr>
</tbody>
</table>
<p>For groups, the &#8216;name&#8217; property can be used. For users, the &#8216;username&#8217;
property can be used.</p>
</div>
<div class="section" id="id5">
<h3>Example request<a class="headerlink" href="#id5" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-python"><div class="highlight"><pre>curl -X DELETE https://api.usergrid.com/my-org/my-app/roles/manager/users/someUser
</pre></div>
</div>
</div>
<div class="section" id="id6">
<h3>Example response<a class="headerlink" href="#id6" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span>
<span class="s">&quot;action&quot;</span> <span class="p">:</span> <span class="s">&quot;delete&quot;</span><span class="p">,</span>
<span class="s">&quot;application&quot;</span> <span class="p">:</span> <span class="s">&quot;f34f4222-a166-11e2-a7f7-02e81adcf3d0&quot;</span><span class="p">,</span>
<span class="s">&quot;params&quot;</span> <span class="p">:</span> <span class="p">{</span> <span class="p">},</span>
<span class="s">&quot;path&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users&quot;</span><span class="p">,</span>
<span class="s">&quot;uri&quot;</span> <span class="p">:</span> <span class="s">&quot;https://api.usergrid.com/your-org/your-app/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users&quot;</span><span class="p">,</span>
<span class="s">&quot;entities&quot;</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span>
<span class="s">&quot;uuid&quot;</span> <span class="p">:</span> <span class="s">&quot;410b213a-b379-11e3-a0e5-9953085ea376&quot;</span><span class="p">,</span>
<span class="s">&quot;type&quot;</span> <span class="p">:</span> <span class="s">&quot;user&quot;</span><span class="p">,</span>
<span class="s">&quot;name&quot;</span> <span class="p">:</span> <span class="s">&quot;someUser&quot;</span><span class="p">,</span>
<span class="s">&quot;created&quot;</span> <span class="p">:</span> <span class="mi">1395681911491</span><span class="p">,</span>
<span class="s">&quot;modified&quot;</span> <span class="p">:</span> <span class="mi">1399070010291</span><span class="p">,</span>
<span class="s">&quot;username&quot;</span> <span class="p">:</span> <span class="s">&quot;someUser&quot;</span><span class="p">,</span>
<span class="s">&quot;activated&quot;</span> <span class="p">:</span> <span class="n">true</span><span class="p">,</span>
<span class="s">&quot;metadata&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;connecting&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;friends&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/connecting/friends&quot;</span><span class="p">,</span>
<span class="s">&quot;likes&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/connecting/likes&quot;</span>
<span class="p">},</span>
<span class="s">&quot;path&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376&quot;</span><span class="p">,</span>
<span class="s">&quot;sets&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;rolenames&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/roles&quot;</span><span class="p">,</span>
<span class="s">&quot;permissions&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/permissions&quot;</span>
<span class="p">},</span>
<span class="s">&quot;connections&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;completed&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/completed&quot;</span><span class="p">,</span>
<span class="s">&quot;follows&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/follows&quot;</span>
<span class="p">},</span>
<span class="s">&quot;collections&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s">&quot;activities&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/activities&quot;</span><span class="p">,</span>
<span class="s">&quot;devices&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/devices&quot;</span><span class="p">,</span>
<span class="s">&quot;feed&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/feed&quot;</span><span class="p">,</span>
<span class="s">&quot;groups&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/groups&quot;</span><span class="p">,</span>
<span class="s">&quot;roles&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/roles&quot;</span><span class="p">,</span>
<span class="s">&quot;following&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/following&quot;</span><span class="p">,</span>
<span class="s">&quot;followers&quot;</span> <span class="p">:</span> <span class="s">&quot;/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/followers&quot;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span> <span class="p">],</span>
<span class="s">&quot;timestamp&quot;</span> <span class="p">:</span> <span class="mi">1403214283808</span><span class="p">,</span>
<span class="s">&quot;duration&quot;</span> <span class="p">:</span> <span class="mi">358</span><span class="p">,</span>
<span class="s">&quot;organization&quot;</span> <span class="p">:</span> <span class="s">&quot;your-org&quot;</span><span class="p">,</span>
<span class="s">&quot;applicationName&quot;</span> <span class="p">:</span> <span class="s">&quot;your-app&quot;</span>
<span class="p">}</span>
</pre></div>
</div>
</div>
<div class="section" id="removing-roles-in-the-admin-portal">
<h3>Removing Roles in the Admin Portal<a class="headerlink" href="#removing-roles-in-the-admin-portal" title="Permalink to this headline">ΒΆ</a></h3>
<p>The easiest way to remove roles from user or group entities is to use
the &#8216;Users&#8217; tab of the Usergrid admin portal, by doing the following:</p>
<ol class="arabic simple">
<li>In the left sidebar of the Usergrid admin portal, click Users &gt; Users
or Users &gt; Groups to display either the list of users or groups in
your application.</li>
<li>In the list, click the name of the user or group entity you want to
remove roles from to display its details in the right pane.</li>
<li>Click the &#8216;Roles &amp; Permissions&#8217; tab above the right pane.</li>
<li>Click the role you created in the list.</li>
<li>Under &#8216;Roles&#8217;, click the checkbox beside the role you want to remove
from the entity.</li>
<li>Click the &#8216;Leave roles&#8217; button.</li>
</ol>
</div>
</div>
</div>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="authenticating-users-and-application-clients.html" class="btn btn-neutral float-right" title="Authenticating users &amp; app clients" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
<a href="using-permissions.html" class="btn btn-neutral" title="Using permissions" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
&copy; Copyright 2013-2015, Apache Usergrid.
</p>
</div>
Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT:'../',
VERSION:'2.x',
COLLAPSE_INDEX:false,
FILE_SUFFIX:'.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/theme.js"></script>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.StickyNav.enable();
});
</script>
</body>
</html>